search

puppetlabs / puppetlabs-node_manager

Create and manage PE node groups as resources.
Apache License 2.0
10 stars 21 forks source link

Trusted facts in classification rules #34

Closed jfrolick closed 6 years ago

jfrolick commented 6 years ago

Hello,

I am using the node_manager module to add classification groups for some of our applications. I added a rule via the console, and figured that the same rule syntax should work for node_manager. The matching rule seemed to work properly, at least from the perspective of the console. There were matching nodes, however the classes were not applied to the agent. Removal and subsequent addition of the class seemed to resolve the issue, but it broke after Puppet ran on the master. The agent output on the master indicated that the rule was changed when I updated the class, even though I never directly updated it. As it turns out, the console was correcting the matching rule when I removed and added the class via the console. It is worth noting that both the correct and incorrect rules appeared identical in the console, and both seem to match nodes. Since the classes are not applied during agent execution, it indicates that the matching rule did not match the node during catalog compilation.

Technically, I guess this isn't really a bug, but it did cause me a little bit of confusion.

before - (nonfunctional - incorrect rule syntax):

node_group { ‘XXXX’:
  ensure               => ‘present’,
  classes              => {‘role::XXXX’ => {}},
  environment          => ‘nonprod’,
  id                   => ‘265b6a5c-0697-4c9f-9cc2-dfdf3b0c13c7’,
  override_environment => ‘false’,
  parent               => ‘Research’,
  rule                 => [‘and’, [‘~’, [‘fact’, ‘trusted.extensions.pp_role’], ‘XXXX’]],
}

after - (functional - after removing and adding the class):

node_group { ‘XXXX’:
  ensure               => ‘present’,
  classes              => {‘role::XXXX’ => {}},
  environment          => ‘nonprod’,
  id                   => ‘265b6a5c-0697-4c9f-9cc2-dfdf3b0c13c7’,
  override_environment => ‘false’,
  parent               => ‘Research’,
  rule                 => [‘and’, [‘~’, [‘trusted’, ‘extensions’, ‘pp_role’], ‘XXXX’]],
}

diff before after

8c8
<   rule                 => [‘and’, [‘~’, [‘fact’, ‘trusted.extensions.pp_role’], ‘XXXX’]],
---
>   rule                 => [‘and’, [‘~’, [‘trusted’, ‘extensions’, ‘pp_role’], ‘XXXX’]],